It's great that you live somewhere where you don't have to worry about any of these things, but a lot of us aren't so lucky.
> And really if I'm in a country with such invasive censoring I would prefer to use a VPN and avoid their prying eyes altogether.
Those countries block VPNs.
> Especially on IPv6 as there's no more need for SNI.
I can foresee CloudFlare offering a single-IPv6 shared endpoint for the sole purpose of making eSNI/ECH remain effective.
> At the same time I have to give up a lot of valuable statistics, troubleshooting data and validation about whether apps do as they claim.
Can't you get this information directly off of your endpoint device, whether or not the traffic is encrypted over the network?
> How would that work? I control my host file. Apps can not mess with it. Not on my computer and not on my phone.
I was thinking more about IoT appliances when I wrote that. For programs on your phone or computer, they can tell their TLS library to use whatever SNI you want, so even if they did hardcode the IP in the client program, SNI could still include the right hostname.
> And really if I'm in a country with such invasive censoring I would prefer to use a VPN and avoid their prying eyes altogether.
Those countries block VPNs.
> Especially on IPv6 as there's no more need for SNI.
I can foresee CloudFlare offering a single-IPv6 shared endpoint for the sole purpose of making eSNI/ECH remain effective.
> At the same time I have to give up a lot of valuable statistics, troubleshooting data and validation about whether apps do as they claim.
Can't you get this information directly off of your endpoint device, whether or not the traffic is encrypted over the network?
> How would that work? I control my host file. Apps can not mess with it. Not on my computer and not on my phone.
I was thinking more about IoT appliances when I wrote that. For programs on your phone or computer, they can tell their TLS library to use whatever SNI you want, so even if they did hardcode the IP in the client program, SNI could still include the right hostname.